[BUG] mysql_grants state not passing escape param to mysql.grant_revoke #21

@lvinagre

Description
When the absent function of mysql_grants state is used with escape: True, that param is at first passed to the underlying call of mysql.grant_exists but not to the following mysql.grant_revoke if the grant exists.

Setup
Salt master running on server A, Salt minion and MySQL running on server B. Both are:

  • on-prem machine
  • classic packaging

Steps to Reproduce the behavior

  • Create a state with a simple call to revoke grants passing escape: True param
mysql_grants_revoke_my_user@127.0.0.1_my_db_ALL:
  file.append:
    - name: /tmp/mysql_users_remove.log
    - text: "20240207T100412 | GRANT_DB | REVOKE SELECT, SHOW VIEW ON my_db.* FROM 'my_user'@'127.0.0.1';"
  mysql_grants.absent:
    - connection_host: 'localhost'
    - connection_pass: 'password'
    - connection_unix_socket: /opt/mysql/data/mysql.sock
    - connection_user: 'root'
    - database: "my_db.*"
    - escape: False
    - grant: 'SELECT, SHOW VIEW'
    - host: "127.0.0.1"
    - user: "my_user"

Expected behavior
If I am setting escape: False, that should be passed to all the underlying calls, both mysql.grant_exists and mysql.grant_revoke.

Screenshots

[INFO    ] Running state [mysql_grants_revoke_my_user@127.0.0.1_my_db_ALL] at time 10:18:52.483835
[INFO    ] Executing state mysql_grants.absent for [mysql_grants_revoke_my_user@127.0.0.1_my_db_ALL]
[DEBUG   ] Grant Query generated: GRANT SELECT, SHOW VIEW ON my_db.* TO %(user)s@%(host)s args {'user': 'my_user', 'host': '127.0.0.1'}
[DEBUG   ] Doing query: SELECT plugin FROM mysql.user WHERE User=%(user)s and Host=%(host)s args: {'user': 'my_user', 'host': '127.0.0.1'} 
[DEBUG   ] ({'plugin': 'mysql_native_password'},)
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {'user': 'my_user', 'host': '127.0.0.1'} 
[DEBUG   ] Doing query: SHOW GRANTS FOR %(user)s@%(host)s args: {'user': 'my_user', 'host': '127.0.0.1'} 
[DEBUG   ] ["GRANT USAGE ON *.* TO 'my_user'@'127.0.0.1'", "GRANT SELECT, SHOW VIEW ON `dbone`.* TO 'my_user'@'127.0.0.1'", "GRANT SELECT, SHOW VIEW ON `my_db`.* TO 'my_user'@'127.0.0.1'"]
[DEBUG   ] _grant_to_tokens entry 'GRANT USAGE ON *.* TO 'my_user'@'127.0.0.1''
[DEBUG   ] grant to token 'my_user'::'127.0.0.1'::'['USAGE']'::'*.*'
[DEBUG   ] _grant_to_tokens entry 'GRANT SELECT, SHOW VIEW ON `dbone`.* TO 'my_user'@'127.0.0.1''
[DEBUG   ] grant to token 'my_user'::'127.0.0.1'::'['SELECT', 'SHOW VIEW']'::'`dbone`.*'
[DEBUG   ] _grant_to_tokens entry 'GRANT SELECT, SHOW VIEW ON `my_db`.* TO 'my_user'@'127.0.0.1''
[DEBUG   ] grant to token 'my_user'::'127.0.0.1'::'['SELECT', 'SHOW VIEW']'::'`my_db`.*'
[DEBUG   ] _grant_to_tokens entry '{'qry': 'GRANT SELECT, SHOW VIEW ON my_db.* TO %(user)s@%(host)s', 'args': {'user': 'my_user', 'host': '127.0.0.1'}}'
[DEBUG   ] grant to token 'my_user'::'127.0.0.1'::'['SELECT', 'SHOW VIEW']'::'my_db.*'
[DEBUG   ] grants mismatch '{'user': 'my_user', 'database': '*.*', 'host': '127.0.0.1', 'grant': ['USAGE']}'<>'{'user': 'my_user', 'host': '127.0.0.1', 'grant': ['SELECT', 'SHOW VIEW'], 'database': 'my_db.*'}'
[DEBUG   ] grants mismatch '{'user': 'my_user', 'database': '`dbone`.*', 'host': '127.0.0.1', 'grant': ['SELECT', 'SHOW VIEW']}'<>'{'user': 'my_user', 'host': '127.0.0.1', 'grant': ['SELECT', 'SHOW VIEW'], 'database': 'my_db.*'}'
[DEBUG   ] Doing query: REVOKE SELECT, SHOW VIEW ON `my\_db`.* FROM %(user)s@%(host)s; args: {'user': 'my_user', 'host': '127.0.0.1'} 
[ERROR   ] MySQL Error 1141: There is no such grant defined for user 'my_user' on host '127.0.0.1'
[ERROR   ] Unable to revoke grant SELECT, SHOW VIEW on my_db.* for my_user@127.0.0.1 (MySQL Error 1141: There is no such grant defined for user 'my_user' on host '127.0.0.1')
[INFO    ] Completed state [mysql_grants_revoke_my_user@127.0.0.1_my_db_ALL] at time 10:18:52.496047 (duration_in_ms=12.213)

With special attention to this line:

[DEBUG   ] Doing query: REVOKE SELECT, SHOW VIEW ON `my\_db`.* FROM %(user)s@%(host)s; args: {'user': 'my_user', 'host': '127.0.0.1'} 

Versions Report

  • For the salt-master:
Salt Version:
          Salt: 3005.1
 
Dependency Versions:
          cffi: Not Installed
      cherrypy: Not Installed
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: 4.0.5
     gitpython: 3.1.14
        Jinja2: 2.11.3
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.0
  msgpack-pure: Not Installed
  mysql-python: 1.4.4
     pycparser: Not Installed
      pycrypto: Not Installed
  pycryptodome: 3.9.7
        pygit2: Not Installed
        Python: 3.9.2 (default, Feb 28 2021, 17:03:44)
  python-gnupg: Not Installed
        PyYAML: 5.3.1
         PyZMQ: 20.0.0
         smmap: 4.0.0
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.4
 
System Versions:
          dist: debian 11 bullseye
        locale: utf-8
       machine: x86_64
       release: 5.10.0-18-amd64
        system: Linux
       version: Debian GNU/Linux 11 bullseye
  • For the salt-minion:
Salt Version:
          Salt: 3005.1
 
Dependency Versions:
          cffi: Not Installed
      cherrypy: Not Installed
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 2.11.3
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.0
  msgpack-pure: Not Installed
  mysql-python: 1.4.4
     pycparser: Not Installed
      pycrypto: Not Installed
  pycryptodome: 3.9.7
        pygit2: Not Installed
        Python: 3.9.2 (default, Feb 28 2021, 17:03:44)
  python-gnupg: Not Installed
        PyYAML: 5.3.1
         PyZMQ: 20.0.0
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: debian 11 bullseye
        locale: utf-8
       machine: x86_64
       release: 5.10.0-13-amd64
        system: Linux
       version: Debian GNU/Linux 11 bullseye

Additional context

def absent(
    name,
    grant=None,
    database=None,
    user=None,
    host="localhost",
    grant_option=False,
    escape=True,
    **connection_args
):
    # Check if grant exists, and if so, remove it
    if __salt__["mysql.grant_exists"](
        grant, database, user, host, grant_option, escape, **connection_args
    ):
        # escape is not passed on to mysql.grant_revoke here
        if __salt__["mysql.grant_revoke"](
            grant, database, user, host, grant_option, **connection_args
        ):

def grant_exists(
    grant,
    database,
    user,
    host="localhost",
    grant_option=False,
    escape=True,
    **connection_args,
):

def grant_revoke(
    grant,
    database,
    user,
    host="localhost",
    grant_option=False,
    escape=True,
    **connection_args,
):

Also confirmed as not working properly in onedir package.
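
A simplified model of the hand-off reported in this issue, added here as an illustration and not Salt's code. The function names mirror those in the post; `quote_db`, `run_case`, the in-memory `GRANTS` set and the underscore-only escaping (taken from the `my\_db` log line) are assumptions.

```python
# Simplified model (not Salt's code): what happens when a wrapper checks with
# escape=False but revokes with the callee's default escape=True.

# Constructed sample data: the one grant the server holds, in normalised form.
GRANTS = set()


def quote_db(database, escape=True):
    """Backtick-quote the schema part; escape=True also turns '_' into '\\_'."""
    schema, _, table = database.partition(".")
    if escape:
        schema = schema.replace("_", r"\_")
    return "`{}`.{}".format(schema, table)


def grant_exists(database, user, host, escape=True):
    return (user, host, quote_db(database, escape)) in GRANTS


def grant_revoke(database, user, host, escape=True):
    target = (user, host, quote_db(database, escape))
    if target not in GRANTS:  # stands in for MySQL Error 1141
        return False
    GRANTS.discard(target)
    return True


def absent_buggy(database, user, host, escape=True):
    # escape reaches the existence check but is dropped for the revoke
    if grant_exists(database, user, host, escape):
        return grant_revoke(database, user, host)
    return True


def absent_fixed(database, user, host, escape=True):
    # same flag for both calls, so both address the same schema name
    if grant_exists(database, user, host, escape):
        return grant_revoke(database, user, host, escape=escape)
    return True


def run_case(absent_fn):
    """Reset the grant table, run one variant with escape=False,
    return (state succeeded, number of grants still present)."""
    GRANTS.clear()
    GRANTS.add(("my_user", "127.0.0.1", "`my_db`.*"))
    ok = absent_fn("my_db.*", "my_user", "127.0.0.1", escape=False)
    return ok, len(GRANTS)
```

In the buggy variant the privilege stays in place after the state runs, so a failed `absent` result should be treated as "access not revoked" rather than as a cosmetic error.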
